Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-0050

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2012-0050
Last Modified 26 Mar 2014 12:27:10
Published 19 Jan 2012 02:55:01
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-0050

Summary

OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, which allows remote attackers to cause a denial of service (crash) via unspecified vectors related to an out-of-bounds read. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4108.

Vulnerable Systems

Application

  • Openssl 0.9.8s

  • Openssl 1.0.0f


References

CONFIRM - http://www.openssl.org/news/secadv_20120118.txt

SECTRACK - 1026548

BID - 51563

SECUNIA - 47755

SECUNIA - 47677

SECUNIA - 47631

OSVDB - 78320

HP - SSRT100747

HP - HPSBUX02737

SECUNIA - 48528

CONFIRM - http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc

HP - HPSBOV02793

HP - SSRT100891

MANDRIVA - MDVSA-2012:011

DEBIAN - DSA-2392

CONFIRM - http://support.apple.com/kb/HT5784

APPLE - APPLE-SA-2013-06-04-1

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564

SECUNIA - 57353

Related Patches

Apple 2013-06-04 Security Update 2013-002 Server (Lion)

Novell SUSE 2012:5808 libopenssl-devel security update for SLE 11 SP1 x86_64

Novell SUSE 2012:5808 libopenssl-devel security update for SLE 11 SP1 i586

Novell SUSE 2012:7961 openssl security update for SLE 10 SP4 i586

Novell SUSE 2012:7961 openssl security update for SLE 10 SP4 x86_64


Last Updated: 27 May 2016 10:56:27